An article on the relative security and insecurity of websites and banks
Why is it that websites deem a 6 character all lower case password to be "very weak" when there's 306million+ possibilities. Yet a 4 digit PIN (9999 possibilities) is secure enough for banks?
The website one is almost 31,000 times more secure yet is deemed "weak". Surely a rule for websites that if the incorrect password is used a certain number of times the account is locked would be sufficient to make the weak password 31,000 times stronger than the bank's security.
We have to be practical about this. In reality, any rules around requiring a password to have upper and lower case letter and special characters such as $,% etc simply make it much more likely people will write the passwords down. Just because this makes it the person's problem rather than the website's is no excuse - the overall security of the account is the issue, including the likelyhood that the account will be broken into because the password was so complicated it, together with the dozons of other passwords from other sites, all had to be written down somewhere because it was too much to remember.
Can we please have simpler password rules for websites and some way of having one strong security mechanism which ties them all together?
Craig
By Craig Cockburn, IT Professional from Scotland. Digital Transformation, Agile Management, Politics and Social change
Total Pageviews
Subscribe to:
Post Comments (Atom)
Popular Posts
-
An article on how Agile can sit alongside PRINCE2 and where DSDM Atern fits in. In 2007, I put "used an Agile/PRINCE2 development str...
-
Find me on LinkedIn https://www.linkedin.com/in/siliconglen/ Medium https://siliconglen.medium.com/ thanks Craig
-
Your profile indicates you have been contracting recently, therefore you will only be interested in contract work then? Incorrect. Thi...
-
BBC NEWS | Politics | £141m benefits computer shelved : "It is the latest in a long series of computer problems for the government....
-
The UK Government Digital Service (GDS) has just had a reboot . However will it be value for money and deliver its objectives? Will th...
-
Please visit this link . I used to run a PRINCE2 group on LinkedIn, but have now closed it (no point in duplication) Craig
-
I first promoted Demon in June 1992, the month they set up. I joined them as a customer the following year. This is the first time I have mo...
-
I typically get a lot of calls from Recruitment Agencies. Usually it's about 20-25 a week. At 5-10 mins a call plus the inevitable telep...
-
It has always surprised me that in the US, where holidays are valued and children get about 6 weeks more annual holiday than the UK, that ad...
-
Another government IT disaster. 10 years behind schedule, the Dunblane gun register is 'unfit for purpose' . The article also mentio...
No comments:
Post a Comment